

hans

Registered: 05 Sept. 2008
Offline. Last activity: 20 Sept. 2008 03:16

Messages I have posted

In the topic: invisible rootkit

14 September 2008 - 04:39

Hi txon, welcome back Noisette: I don't know if it's normal, but I can't get into safe mode with F8 when booting my machine. I have to use /safeboot in msconfig.

In RKU, I can't scan the Files section; I get the famous error message: 'error starting helper service'.
In RKU's Tools, VM detection shows lines 126 and/to 119 with the result 'compromised'. What does that mean?
When I unhook the hooked entries in the SSDT, they come back automatically after a reboot. Wipe file doesn't work, nor does copy file. (Force delete is not among the options.)

I'm copy-pasting the RKU report so you have all the lines I have, in full.


>SSDT State
NtAdjustPrivilegesToken
Actual Address 0xABFC0C8C
Hooked by: C:\WINDOWS\System32\DRIVERS\cmdguard.sys

NtClose
Actual Address 0xABE78606
Hooked by: C:\WINDOWS\system32\drivers\sp_rsdrv2.sys

NtConnectPort
Actual Address 0xABFC03C4
Hooked by: C:\WINDOWS\System32\DRIVERS\cmdguard.sys

NtCreateFile
Actual Address 0xABE7805A
Hooked by: C:\WINDOWS\system32\drivers\sp_rsdrv2.sys

NtCreateKey
Actual Address 0xABE77D3C
Hooked by: C:\WINDOWS\system32\drivers\sp_rsdrv2.sys

NtCreatePort
Actual Address 0xABFC0080
Hooked by: C:\WINDOWS\System32\DRIVERS\cmdguard.sys

NtCreateSection
Actual Address 0xABE79652
Hooked by: C:\WINDOWS\system32\drivers\sp_rsdrv2.sys

NtCreateSymbolicLinkObject
Actual Address 0xABFC0E72
Hooked by: C:\WINDOWS\System32\DRIVERS\cmdguard.sys

NtCreateThread
Actual Address 0xF7A84F24
Hooked by: Unknown module filename

NtDeleteKey
Actual Address 0xABE77E46
Hooked by: C:\WINDOWS\system32\drivers\sp_rsdrv2.sys

NtDeleteValueKey
Actual Address 0xABE77F30
Hooked by: C:\WINDOWS\system32\drivers\sp_rsdrv2.sys

NtDuplicateObject
Actual Address 0xABFBFB02
Hooked by: C:\WINDOWS\System32\DRIVERS\cmdguard.sys

NtLoadDriver
Actual Address 0xABE788CC
Hooked by: C:\WINDOWS\system32\drivers\sp_rsdrv2.sys

NtOpenFile
Actual Address 0xABE78362
Hooked by: C:\WINDOWS\system32\drivers\sp_rsdrv2.sys

NtOpenProcess
Actual Address 0xF7A84F10
Hooked by: Unknown module filename

NtOpenSection
Actual Address 0xABFC0744
Hooked by: C:\WINDOWS\System32\DRIVERS\cmdguard.sys

NtOpenThread
Actual Address 0xF7A84F15
Hooked by: Unknown module filename

NtRenameKey
Actual Address 0xABFC17F2
Hooked by: C:\WINDOWS\System32\DRIVERS\cmdguard.sys

NtRequestWaitReplyPort
Actual Address 0xABFC0196
Hooked by: C:\WINDOWS\System32\DRIVERS\cmdguard.sys

NtSecureConnectPort
Actual Address 0xABFC1AE6
Hooked by: C:\WINDOWS\System32\DRIVERS\cmdguard.sys

NtSetSystemInformation
Actual Address 0xABFC1EC4
Hooked by: C:\WINDOWS\System32\DRIVERS\cmdguard.sys

NtSetValueKey
Actual Address 0xABE77BBA
Hooked by: C:\WINDOWS\system32\drivers\sp_rsdrv2.sys

NtShutdownSystem
Actual Address 0xABFC05D2
Hooked by: C:\WINDOWS\System32\DRIVERS\cmdguard.sys

NtSystemDebugControl
Actual Address 0xABFC0638
Hooked by: C:\WINDOWS\System32\DRIVERS\cmdguard.sys

NtTerminateProcess
Actual Address 0xABE78814
Hooked by: C:\WINDOWS\system32\drivers\sp_rsdrv2.sys

NtTerminateThread
Actual Address 0xABFBFE18
Hooked by: C:\WINDOWS\System32\DRIVERS\cmdguard.sys

NtWriteFile
Actual Address 0xABE78494
Hooked by: C:\WINDOWS\system32\drivers\sp_rsdrv2.sys

NtWriteVirtualMemory
Actual Address 0xF7A84F1A
Hooked by: Unknown module filename

>Shadow
NtUserGetAsyncKeyState
Actual Address 0xABFC2F3C
Hooked by: C:\WINDOWS\System32\DRIVERS\cmdguard.sys

NtUserGetKeyboardState
Actual Address 0xABFC2D42
Hooked by: C:\WINDOWS\System32\DRIVERS\cmdguard.sys

NtUserGetKeyState
Actual Address 0xABFC2E3C
Hooked by: C:\WINDOWS\System32\DRIVERS\cmdguard.sys

NtUserMessageCall
Actual Address 0xABFC2A8A
Hooked by: C:\WINDOWS\System32\DRIVERS\cmdguard.sys

NtUserPostMessage
Actual Address 0xABFC273C
Hooked by: C:\WINDOWS\System32\DRIVERS\cmdguard.sys

NtUserPostThreadMessage
Actual Address 0xABFC28E8
Hooked by: C:\WINDOWS\System32\DRIVERS\cmdguard.sys

NtUserRegisterRawInputDevices
Actual Address 0xABFC303C
Hooked by: C:\WINDOWS\System32\DRIVERS\cmdguard.sys

NtUserSendInput
Actual Address 0xABFC2C4C
Hooked by: C:\WINDOWS\System32\DRIVERS\cmdguard.sys

NtUserSetWindowsHookEx
Actual Address 0xABFC3132
Hooked by: C:\WINDOWS\System32\DRIVERS\cmdguard.sys

NtUserSetWinEventHook
Actual Address 0xABFC335C
Hooked by: C:\WINDOWS\System32\DRIVERS\cmdguard.sys

>Processes
>Drivers
>Stealth
>Hooks
Device object-->ParseProcedure, Type: Kernel Object [unknown_code_page]
File object-->ParseProcedure, Type: Kernel Object [unknown_code_page]
Key object-->ParseProcedure, Type: Kernel Object [unknown_code_page]
ntoskrnl.exe+0x00005B12, Type: Inline - RelativeJump 0x804DCB12 [ntoskrnl.exe]
ntoskrnl.exe+0x0000D970, Type: Inline - RelativeJump 0x804E4970 [ntoskrnl.exe]
ntoskrnl.exe+0x0000D99C, Type: Inline - RelativeJump 0x804E499C [ntoskrnl.exe]
Process object-->OpenProcedure, Type: Kernel Object [unknown_code_page]
Section object-->OpenProcedure, Type: Kernel Object [unknown_code_page]
tcpip.sys-->ndis.sys-->NdisCloseAdapter, Type: IAT modification 0xABF49428 [inspect.sys]
tcpip.sys-->ndis.sys-->NdisOpenAdapter, Type: IAT modification 0xABF49454 [inspect.sys]
tcpip.sys-->ndis.sys-->NdisRegisterProtocol, Type: IAT modification 0xABF49460 [inspect.sys]
Thread object-->OpenProcedure, Type: Kernel Object [unknown_code_page]
wanarp.sys-->ndis.sys-->NdisCloseAdapter, Type: IAT modification 0xF751BB4C [inspect.sys]
wanarp.sys-->ndis.sys-->NdisDeregisterProtocol, Type: IAT modification 0xF751BB1C [inspect.sys]
wanarp.sys-->ndis.sys-->NdisOpenAdapter, Type: IAT modification 0xF751BB3C [inspect.sys]
wanarp.sys-->ndis.sys-->NdisRegisterProtocol, Type: IAT modification 0xF751BB28 [inspect.sys]
[500]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DA1218 [shimeng.dll]
[500]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77EF10B4 [shimeng.dll]
[500]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268 [shimeng.dll]
[500]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9D15A4 [shimeng.dll]
[500]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E39133C [shimeng.dll]
[500]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x44081488 [shimeng.dll]
[500]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x719F109C [shimeng.dll]
!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)


In RootRepeal I copy-pasted the SSDT:


ROOTREPEAL © AD, 2007-2008
==================================================
Scan Time: 2008/09/13 23:35
Program Version: Version 1.1.1.0
Windows Version: Windows XP SP3
==================================================

SSDT
-------------------
#: 000 Function Name: NtAcceptConnectPort
Status: Not hooked

#: 001 Function Name: NtAccessCheck
Status: Not hooked

#: 002 Function Name: NtAccessCheckAndAuditAlarm
Status: Not hooked

#: 003 Function Name: NtAccessCheckByType
Status: Not hooked

#: 004 Function Name: NtAccessCheckByTypeAndAuditAlarm
Status: Not hooked

#: 005 Function Name: NtAccessCheckByTypeResultList
Status: Not hooked

#: 006 Function Name: NtAccessCheckByTypeResultListAndAuditAlarm
Status: Not hooked

#: 007 Function Name: NtAccessCheckByTypeResultListAndAuditAlarmByHandle
Status: Not hooked

#: 008 Function Name: NtAddAtom
Status: Not hooked

#: 009 Function Name: NtAddBootEntry
Status: Not hooked

#: 010 Function Name: NtAdjustGroupsToken
Status: Not hooked

#: 011 Function Name: NtAdjustPrivilegesToken
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xabfc0c8c

#: 012 Function Name: NtAlertResumeThread
Status: Not hooked

#: 013 Function Name: NtAlertThread
Status: Not hooked

#: 014 Function Name: NtAllocateLocallyUniqueId
Status: Not hooked

#: 015 Function Name: NtAllocateUserPhysicalPages
Status: Not hooked

#: 016 Function Name: NtAllocateUuids
Status: Not hooked

#: 017 Function Name: NtAllocateVirtualMemory
Status: Not hooked

#: 018 Function Name: NtAreMappedFilesTheSame
Status: Not hooked

#: 019 Function Name: NtAssignProcessToJobObject
Status: Not hooked

#: 020 Function Name: NtCallbackReturn
Status: Not hooked

#: 021 Function Name: NtCancelDeviceWakeupRequest
Status: Not hooked

#: 022 Function Name: NtCancelIoFile
Status: Not hooked

#: 023 Function Name: NtCancelTimer
Status: Not hooked

#: 024 Function Name: NtClearEvent
Status: Not hooked

#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xabe78606

#: 026 Function Name: NtCloseObjectAuditAlarm
Status: Not hooked

#: 027 Function Name: NtCompactKeys
Status: Not hooked

#: 028 Function Name: NtCompareTokens
Status: Not hooked

#: 029 Function Name: NtCompleteConnectPort
Status: Not hooked

#: 030 Function Name: NtCompressKey
Status: Not hooked

#: 031 Function Name: NtConnectPort
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xabfc03c4

#: 032 Function Name: NtContinue
Status: Not hooked

#: 033 Function Name: NtCreateDebugObject
Status: Not hooked

#: 034 Function Name: NtCreateDirectoryObject
Status: Not hooked

#: 035 Function Name: NtCreateEvent
Status: Not hooked

#: 036 Function Name: NtCreateEventPair
Status: Not hooked

#: 037 Function Name: NtCreateFile
Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xabe7805a

#: 038 Function Name: NtCreateIoCompletion
Status: Not hooked

#: 039 Function Name: NtCreateJobObject
Status: Not hooked

#: 040 Function Name: NtCreateJobSet
Status: Not hooked

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xabe77d3c

#: 042 Function Name: NtCreateMailslotFile
Status: Not hooked

#: 043 Function Name: NtCreateMutant
Status: Not hooked

#: 044 Function Name: NtCreateNamedPipeFile
Status: Not hooked

#: 045 Function Name: NtCreatePagingFile
Status: Not hooked

#: 046 Function Name: NtCreatePort
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xabfc0080

#: 047 Function Name: NtCreateProcess
Status: Not hooked

#: 048 Function Name: NtCreateProcessEx
Status: Not hooked

#: 049 Function Name: NtCreateProfile
Status: Not hooked

#: 050 Function Name: NtCreateSection
Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xabe79652

#: 051 Function Name: NtCreateSemaphore
Status: Not hooked

#: 052 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xabfc0e72

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0xf7a84f24

#: 054 Function Name: NtCreateTimer
Status: Not hooked

#: 055 Function Name: NtCreateToken
Status: Not hooked

#: 056 Function Name: NtCreateWaitablePort
Status: Not hooked

#: 057 Function Name: NtDebugActiveProcess
Status: Not hooked

#: 058 Function Name: NtDebugContinue
Status: Not hooked

#: 059 Function Name: NtDelayExecution
Status: Not hooked

#: 060 Function Name: NtDeleteAtom
Status: Not hooked

#: 061 Function Name: NtDeleteBootEntry
Status: Not hooked

#: 062 Function Name: NtDeleteFile
Status: Not hooked

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xabe77e46

#: 064 Function Name: NtDeleteObjectAuditAlarm
Status: Not hooked

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xabe77f30

#: 066 Function Name: NtDeviceIoControlFile
Status: Not hooked

#: 067 Function Name: NtDisplayString
Status: Not hooked

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xabfbfb02

#: 069 Function Name: NtDuplicateToken
Status: Not hooked

#: 070 Function Name: NtEnumerateBootEntries
Status: Not hooked

#: 071 Function Name: NtEnumerateKey
Status: Not hooked

#: 072 Function Name: NtEnumerateSystemEnvironmentValuesEx
Status: Not hooked

#: 073 Function Name: NtEnumerateValueKey
Status: Not hooked

#: 074 Function Name: NtExtendSection
Status: Not hooked

#: 075 Function Name: NtFilterToken
Status: Not hooked

#: 076 Function Name: NtFindAtom
Status: Not hooked

#: 077 Function Name: NtFlushBuffersFile
Status: Not hooked

#: 078 Function Name: NtFlushInstructionCache
Status: Not hooked

#: 079 Function Name: NtFlushKey
Status: Not hooked

#: 080 Function Name: NtFlushVirtualMemory
Status: Not hooked

#: 081 Function Name: NtFlushWriteBuffer
Status: Not hooked

#: 082 Function Name: NtFreeUserPhysicalPages
Status: Not hooked

#: 083 Function Name: NtFreeVirtualMemory
Status: Not hooked

#: 084 Function Name: NtFsControlFile
Status: Not hooked

#: 085 Function Name: NtGetContextThread
Status: Not hooked

#: 086 Function Name: NtGetDevicePowerState
Status: Not hooked

#: 087 Function Name: NtGetPlugPlayEvent
Status: Not hooked

#: 088 Function Name: NtGetWriteWatch
Status: Not hooked

#: 089 Function Name: NtImpersonateAnonymousToken
Status: Not hooked

#: 090 Function Name: NtImpersonateClientOfPort
Status: Not hooked

#: 091 Function Name: NtImpersonateThread
Status: Not hooked

#: 092 Function Name: NtInitializeRegistry
Status: Not hooked

#: 093 Function Name: NtInitiatePowerAction
Status: Not hooked

#: 094 Function Name: NtIsProcessInJob
Status: Not hooked

#: 095 Function Name: NtIsSystemResumeAutomatic
Status: Not hooked

#: 096 Function Name: NtListenPort
Status: Not hooked

#: 097 Function Name: NtLoadDriver
Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xabe788cc

#: 098 Function Name: NtLoadKey
Status: Not hooked

#: 099 Function Name: NtLoadKey2
Status: Not hooked

#: 100 Function Name: NtLockFile
Status: Not hooked

#: 101 Function Name: NtLockProductActivationKeys
Status: Not hooked

#: 102 Function Name: NtLockRegistryKey
Status: Not hooked

#: 103 Function Name: NtLockVirtualMemory
Status: Not hooked

#: 104 Function Name: NtMakePermanentObject
Status: Not hooked

#: 105 Function Name: NtMakeTemporaryObject
Status: Not hooked

#: 106 Function Name: NtMapUserPhysicalPages
Status: Not hooked

#: 107 Function Name: NtMapUserPhysicalPagesScatter
Status: Not hooked

#: 108 Function Name: NtMapViewOfSection
Status: Not hooked

#: 109 Function Name: NtModifyBootEntry
Status: Not hooked

#: 110 Function Name: NtNotifyChangeDirectoryFile
Status: Not hooked

#: 111 Function Name: NtNotifyChangeKey
Status: Not hooked

#: 112 Function Name: NtNotifyChangeMultipleKeys
Status: Not hooked

#: 113 Function Name: NtOpenDirectoryObject
Status: Not hooked

#: 114 Function Name: NtOpenEvent
Status: Not hooked

#: 115 Function Name: NtOpenEventPair
Status: Not hooked

#: 116 Function Name: NtOpenFile
Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xabe78362

#: 117 Function Name: NtOpenIoCompletion
Status: Not hooked

#: 118 Function Name: NtOpenJobObject
Status: Not hooked

#: 119 Function Name: NtOpenKey
Status: Not hooked

#: 120 Function Name: NtOpenMutant
Status: Not hooked

#: 121 Function Name: NtOpenObjectAuditAlarm
Status: Not hooked

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0xf7a84f10

#: 123 Function Name: NtOpenProcessToken
Status: Not hooked

#: 124 Function Name: NtOpenProcessTokenEx
Status: Not hooked

#: 125 Function Name: NtOpenSection
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xabfc0744

#: 126 Function Name: NtOpenSemaphore
Status: Not hooked

#: 127 Function Name: NtOpenSymbolicLinkObject
Status: Not hooked

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0xf7a84f15

#: 129 Function Name: NtOpenThreadToken
Status: Not hooked

#: 130 Function Name: NtOpenThreadTokenEx
Status: Not hooked

#: 131 Function Name: NtOpenTimer
Status: Not hooked

#: 132 Function Name: NtPlugPlayControl
Status: Not hooked

#: 133 Function Name: NtPowerInformation
Status: Not hooked

#: 134 Function Name: NtPrivilegeCheck
Status: Not hooked

#: 135 Function Name: NtPrivilegeObjectAuditAlarm
Status: Not hooked

#: 136 Function Name: NtPrivilegedServiceAuditAlarm
Status: Not hooked

#: 137 Function Name: NtProtectVirtualMemory
Status: Not hooked

#: 138 Function Name: NtPulseEvent
Status: Not hooked

#: 139 Function Name: NtQueryAttributesFile
Status: Not hooked

#: 140 Function Name: NtQueryBootEntryOrder
Status: Not hooked

#: 141 Function Name: NtQueryBootOptions
Status: Not hooked

#: 142 Function Name: NtQueryDebugFilterState
Status: Not hooked

#: 143 Function Name: NtQueryDefaultLocale
Status: Not hooked

#: 144 Function Name: NtQueryDefaultUILanguage
Status: Not hooked

#: 145 Function Name: NtQueryDirectoryFile
Status: Not hooked

#: 146 Function Name: NtQueryDirectoryObject
Status: Not hooked

#: 147 Function Name: NtQueryEaFile
Status: Not hooked

#: 148 Function Name: NtQueryEvent
Status: Not hooked

#: 149 Function Name: NtQueryFullAttributesFile
Status: Not hooked

#: 150 Function Name: NtQueryInformationAtom
Status: Not hooked

#: 151 Function Name: NtQueryInformationFile
Status: Not hooked

#: 152 Function Name: NtQueryInformationJobObject
Status: Not hooked

#: 153 Function Name: NtQueryInformationPort
Status: Not hooked

#: 154 Function Name: NtQueryInformationProcess
Status: Not hooked

#: 155 Function Name: NtQueryInformationThread
Status: Not hooked

#: 156 Function Name: NtQueryInformationToken
Status: Not hooked

#: 157 Function Name: NtQueryInstallUILanguage
Status: Not hooked

#: 158 Function Name: NtQueryIntervalProfile
Status: Not hooked

#: 159 Function Name: NtQueryIoCompletion
Status: Not hooked

#: 160 Function Name: NtQueryKey
Status: Not hooked

#: 161 Function Name: NtQueryMultipleValueKey
Status: Not hooked

#: 162 Function Name: NtQueryMutant
Status: Not hooked

#: 163 Function Name: NtQueryObject
Status: Not hooked

#: 164 Function Name: NtQueryOpenSubKeys
Status: Not hooked

#: 165 Function Name: NtQueryPerformanceCounter
Status: Not hooked

#: 166 Function Name: NtQueryQuotaInformationFile
Status: Not hooked

#: 167 Function Name: NtQuerySection
Status: Not hooked

#: 168 Function Name: NtQuerySecurityObject
Status: Not hooked

#: 169 Function Name: NtQuerySemaphore
Status: Not hooked

#: 170 Function Name: NtQuerySymbolicLinkObject
Status: Not hooked

#: 171 Function Name: NtQuerySystemEnvironmentValue
Status: Not hooked

#: 172 Function Name: NtQuerySystemEnvironmentValueEx
Status: Not hooked

#: 173 Function Name: NtQuerySystemInformation
Status: Not hooked

#: 174 Function Name: NtQuerySystemTime
Status: Not hooked

#: 175 Function Name: NtQueryTimer
Status: Not hooked

#: 176 Function Name: NtQueryTimerResolution
Status: Not hooked

#: 177 Function Name: NtQueryValueKey
Status: Not hooked

#: 178 Function Name: NtQueryVirtualMemory
Status: Not hooked

#: 179 Function Name: NtQueryVolumeInformationFile
Status: Not hooked

#: 180 Function Name: NtQueueApcThread
Status: Not hooked

#: 181 Function Name: NtRaiseException
Status: Not hooked

#: 182 Function Name: NtRaiseHardError
Status: Not hooked

#: 183 Function Name: NtReadFile
Status: Not hooked

#: 184 Function Name: NtReadFileScatter
Status: Not hooked

#: 185 Function Name: NtReadRequestData
Status: Not hooked

#: 186 Function Name: NtReadVirtualMemory
Status: Not hooked

#: 187 Function Name: NtRegisterThreadTerminatePort
Status: Not hooked

#: 188 Function Name: NtReleaseMutant
Status: Not hooked

#: 189 Function Name: NtReleaseSemaphore
Status: Not hooked

#: 190 Function Name: NtRemoveIoCompletion
Status: Not hooked

#: 191 Function Name: NtRemoveProcessDebug
Status: Not hooked

#: 192 Function Name: NtRenameKey
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xabfc17f2

#: 193 Function Name: NtReplaceKey
Status: Not hooked

#: 194 Function Name: NtReplyPort
Status: Not hooked

#: 195 Function Name: NtReplyWaitReceivePort
Status: Not hooked

#: 196 Function Name: NtReplyWaitReceivePortEx
Status: Not hooked

#: 197 Function Name: NtReplyWaitReplyPort
Status: Not hooked

#: 198 Function Name: NtRequestDeviceWakeup
Status: Not hooked

#: 199 Function Name: NtRequestPort
Status: Not hooked

#: 200 Function Name: NtRequestWaitReplyPort
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xabfc0196

#: 201 Function Name: NtRequestWakeupLatency
Status: Not hooked

#: 202 Function Name: NtResetEvent
Status: Not hooked

#: 203 Function Name: NtResetWriteWatch
Status: Not hooked

#: 204 Function Name: NtRestoreKey
Status: Not hooked

#: 205 Function Name: NtResumeProcess
Status: Not hooked

#: 206 Function Name: NtResumeThread
Status: Not hooked

#: 207 Function Name: NtSaveKey
Status: Not hooked

#: 208 Function Name: NtSaveKeyEx
Status: Not hooked

#: 209 Function Name: NtSaveMergedKeys
Status: Not hooked

#: 210 Function Name: NtSecureConnectPort
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xabfc1ae6

#: 211 Function Name: NtSetBootEntryOrder
Status: Not hooked

#: 212 Function Name: NtSetBootOptions
Status: Not hooked

#: 213 Function Name: NtSetContextThread
Status: Not hooked

#: 214 Function Name: NtSetDebugFilterState
Status: Not hooked

#: 215 Function Name: NtSetDefaultHardErrorPort
Status: Not hooked

#: 216 Function Name: NtSetDefaultLocale
Status: Not hooked

#: 217 Function Name: NtSetDefaultUILanguage
Status: Not hooked

#: 218 Function Name: NtSetEaFile
Status: Not hooked

#: 219 Function Name: NtSetEvent
Status: Not hooked

#: 220 Function Name: NtSetEventBoostPriority
Status: Not hooked

#: 221 Function Name: NtSetHighEventPair
Status: Not hooked

#: 222 Function Name: NtSetHighWaitLowEventPair
Status: Not hooked

#: 223 Function Name: NtSetInformationDebugObject
Status: Not hooked

#: 224 Function Name: NtSetInformationFile
Status: Not hooked

#: 225 Function Name: NtSetInformationJobObject
Status: Not hooked

#: 226 Function Name: NtSetInformationKey
Status: Not hooked

#: 227 Function Name: NtSetInformationObject
Status: Not hooked

#: 228 Function Name: NtSetInformationProcess
Status: Not hooked

#: 229 Function Name: NtSetInformationThread
Status: Not hooked

#: 230 Function Name: NtSetInformationToken
Status: Not hooked

#: 231 Function Name: NtSetIntervalProfile
Status: Not hooked

#: 232 Function Name: NtSetIoCompletion
Status: Not hooked

#: 233 Function Name: NtSetLdtEntries
Status: Not hooked

#: 234 Function Name: NtSetLowEventPair
Status: Not hooked

#: 235 Function Name: NtSetLowWaitHighEventPair
Status: Not hooked

#: 236 Function Name: NtSetQuotaInformationFile
Status: Not hooked

#: 237 Function Name: NtSetSecurityObject
Status: Not hooked

#: 238 Function Name: NtSetSystemEnvironmentValue
Status: Not hooked

#: 239 Function Name: NtSetSystemEnvironmentValueEx
Status: Not hooked

#: 240 Function Name: NtSetSystemInformation
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xabfc1ec4

#: 241 Function Name: NtSetSystemPowerState
Status: Not hooked

#: 242 Function Name: NtSetSystemTime
Status: Not hooked

#: 243 Function Name: NtSetThreadExecutionState
Status: Not hooked

#: 244 Function Name: NtSetTimer
Status: Not hooked

#: 245 Function Name: NtSetTimerResolution
Status: Not hooked

#: 246 Function Name: NtSetUuidSeed
Status: Not hooked

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xabe77bba

#: 248 Function Name: NtSetVolumeInformationFile
Status: Not hooked

#: 249 Function Name: NtShutdownSystem
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xabfc05d2

#: 250 Function Name: NtSignalAndWaitForSingleObject
Status: Not hooked

#: 251 Function Name: NtStartProfile
Status: Not hooked

#: 252 Function Name: NtStopProfile
Status: Not hooked

#: 253 Function Name: NtSuspendProcess
Status: Not hooked

#: 254 Function Name: NtSuspendThread
Status: Not hooked

#: 255 Function Name: NtSystemDebugControl
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xabfc0638

#: 256 Function Name: NtTerminateJobObject
Status: Not hooked

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xabe78814

#: 258 Function Name: NtTerminateThread
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xabfbfe18

#: 259 Function Name: NtTestAlert
Status: Not hooked

#: 260 Function Name: NtTraceEvent
Status: Not hooked

#: 261 Function Name: NtTranslateFilePath
Status: Not hooked

#: 262 Function Name: NtUnloadDriver
Status: Not hooked

#: 263 Function Name: NtUnloadKey
Status: Not hooked

#: 264 Function Name: NtUnloadKeyEx
Status: Not hooked

#: 265 Function Name: NtUnlockFile
Status: Not hooked

#: 266 Function Name: NtUnlockVirtualMemory
Status: Not hooked

#: 267 Function Name: NtUnmapViewOfSection
Status: Not hooked

#: 268 Function Name: NtVdmControl
Status: Not hooked

#: 269 Function Name: NtWaitForDebugEvent
Status: Not hooked

#: 270 Function Name: NtWaitForMultipleObjects
Status: Not hooked

#: 271 Function Name: NtWaitForSingleObject
Status: Not hooked

#: 272 Function Name: NtWaitHighEventPair
Status: Not hooked

#: 273 Function Name: NtWaitLowEventPair
Status: Not hooked

#: 274 Function Name: NtWriteFile
Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xabe78494

#: 275 Function Name: NtWriteFileGather
Status: Not hooked

#: 276 Function Name: NtWriteRequestData
Status: Not hooked

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0xf7a84f1a

#: 278 Function Name: NtYieldExecution
Status: Not hooked

#: 279 Function Name: NtCreateKeyedEvent
Status: Not hooked

#: 280 Function Name: NtOpenKeyedEvent
Status: Not hooked

#: 281 Function Name: NtReleaseKeyedEvent
Status: Not hooked

#: 282 Function Name: NtWaitForKeyedEvent
Status: Not hooked

#: 283 Function Name: NtQueryPortInformationProcess
Status: Not hooked

Thanks
See you


In the topic: invisible rootkit

12 September 2008 - 03:22

Hello Txon and Noisette, if you're still there.

Well, yesterday I tried quite a few times to post what I wrote to the forum, and your server kept returning an error like: ''ips driver error''.

I did a partial scan of the files with Antivir and got a warning: ''C:\pagefile.sys
[WARNING] The file could not be opened!'' I'll have a second one when I have time to do a full scan of my machine.

I uninstalled DSA for the moment; I already have enough with Comodo, Antivir and Spyware Terminator.
I'll have to call my provider to uninstall the driver on the modem; it didn't come with an installation CD.

In safe mode I deleted a file in RAM, wudftrace.etl. I checked with Google; it seems to be a virus (Beagle), I'm not sure.

Now here is the RootRepeal hook report:

ROOTREPEAL © AD, 2007-2008
==================================================
Scan Time: 2008/09/11 22:09
Program Version: Version 1.1.1.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: RootRepeal.sys
Image Path: C:\WINDOWS\system32\drivers\RootRepeal.sys
Address: 0xA7C82000 Size: 40960 File Visible: No
Status: -

Hidden/Locked Files
-------------------
Path: C:\Documents and Settings\neo\ntuser.dat.LOG
Status: Size mismatch (API: 1024, Raw: 32768)

Path: C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl
Status: Allocation size mismatch (API: 8192, Raw: 4096)

SSDT
-------------------
#: 011 Function Name: NtAdjustPrivilegesToken
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xac4eec8c

#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xab094606

#: 031 Function Name: NtConnectPort
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xac4ee3c4

#: 037 Function Name: NtCreateFile
Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xab09405a

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xab093d3c

#: 046 Function Name: NtCreatePort
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xac4ee080

#: 050 Function Name: NtCreateSection
Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xab095652

#: 052 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xac4eee72

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0xb91771fc

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xab093e46

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xab093f30

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xac4edb02

#: 097 Function Name: NtLoadDriver
Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xab0948cc

#: 116 Function Name: NtOpenFile
Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xab094362

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0xb91771e8

#: 125 Function Name: NtOpenSection
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xac4ee744

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0xb91771ed

#: 192 Function Name: NtRenameKey
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xac4ef7f2

#: 200 Function Name: NtRequestWaitReplyPort
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xac4ee196

#: 210 Function Name: NtSecureConnectPort
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xac4efae6

#: 240 Function Name: NtSetSystemInformation
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xac4efec4

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xab093bba

#: 249 Function Name: NtShutdownSystem
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xac4ee5d2

#: 255 Function Name: NtSystemDebugControl
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xac4ee638

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xab094814

#: 258 Function Name: NtTerminateThread
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xac4ede18

#: 274 Function Name: NtWriteFile
Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xab094494

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0xb91771f2

Thanks, see you





In the topic: invisible rootkit

10 September 2008 - 03:45

Hi Txon and Noisette, I never truncated any report; I don't know why you claim that about RKU. I save the report in ''My Documents'' and attach it to the forum rather than copy-pasting. Try it!
Messages appear when I request the report with RKU: at least 5 windows open one after another saying ''error starting helper service''. I click OK on all of them. At the end of the report it says, as always, !!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =) (that's a copy-paste)
Is it real, in a program's kernel, or in peripherals?
I have a keylogger picked up from somewhere or other.
I have a cable modem with IP telephony at the same time, from the provider I won't name, Videotron. How can someone tamper with that kind of modem? I don't even have software to run it. I just had to open Network Connections in Windows the first time and presto, everything installed by itself.
Thanks for your advice.




In the topic: invisible rootkit

09 September 2008 - 00:30

Hi txon, I never truncated anything in the reports. I don't know whether RKU really examines all the files, but every time I scan, at the very bottom of the report it says possible rootkit detected.
There are a few error windows before the report arrives.
The unknown files in RKU appeared only after uninstalling Panda and Malware Sweeper and replacing them with Antivir, Comodo and DSA. Should a conclusion be drawn from that?
I'd like to know whether it's possible to install some kind of keylogger on a provider's high-speed modem?
Thanks txon and noisette.

In the topic: invisible rootkit

08 September 2008 - 04:06

Hello Noisette and Txon, my acquaintance doesn't know much about programming; it's not her who put it on my machine.
But I didn't know a keylogger could be installed from my modem. I'd like to know more.
I did a scan in safe mode with rootkit set to on. It found nothing, just 2 warnings: files that couldn't be checked.
I installed DSA, Comodo, Spyware Terminator and Antivir on my machine.
pwipf6.sys is an old file, I think. The system uninstalled it badly. I'll look into removing it later, but it seems active in memory; I'll delete it in safe mode.
At the end of the RKU scan it really does say possible rootkit detection every time.
I'll recheck RKU for the unknowns.
Thanks for the help.